More logging API usage. Changed logging macros slightly so the vars inside them won't conflict with vars used by the calling function.

remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent bcc5bbef93
commit 968d8df12b

@ -23,6 +23,8 @@
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
#define DEFAULT_LOG_FILENAME "alert-debug.log" #define DEFAULT_LOG_FILENAME "alert-debug.log"
int AlertDebuglog (ThreadVars *, Packet *, void *, PacketQueue *); int AlertDebuglog (ThreadVars *, Packet *, void *, PacketQueue *);
@ -217,6 +219,6 @@ void AlertDebuglogExitPrintStats(ThreadVars *tv, void *data) {
return; return;
} }
printf(" - (%s) Alerts %" PRIu32 ".\n", tv->name, aft->alerts); SCLogInfo("(%s) Alerts %" PRIu32 "", tv->name, aft->alerts);
} }

@ -237,17 +237,13 @@ static uint16_t PerfRegisterQualifiedCounter(char *cname, char *tm_name,
PerfCounter *pc = NULL; PerfCounter *pc = NULL;
if (cname == NULL || tm_name == NULL || pctx == NULL) { if (cname == NULL || tm_name == NULL || pctx == NULL) {
#ifdef DEBUG SCLogDebug("counter name, tm name null or PerfContext NULL");
printf("counter name, tm name null or PerfContext NULL\n");
#endif
return 0; return 0;
} }
/* (TYPE_MAX - 1) because we still haven't implemented TYPE_STR */ /* (TYPE_MAX - 1) because we still haven't implemented TYPE_STR */
if ((type >= (TYPE_MAX - 1)) || (type < 0)) { if ((type >= (TYPE_MAX - 1)) || (type < 0)) {
#ifdef DEBUG
printf("Error: Counters of type %" PRId32 " can't be registered\n", type); printf("Error: Counters of type %" PRId32 " can't be registered\n", type);
#endif
return 0; return 0;
} }
@ -414,16 +410,12 @@ int PerfCounterDisplay(uint16_t id, PerfContext *pctx, int disp)
*/ */
inline void PerfCounterIncr(uint16_t id, PerfCounterArray *pca) inline void PerfCounterIncr(uint16_t id, PerfCounterArray *pca)
{ {
if (!pca) { if (pca == NULL) {
#ifdef DEBUG SCLogDebug("counterarray is NULL");
printf("counterarray is NULL\n");
#endif
return; return;
} }
if ((id < 1) || (id > pca->size)) { if ((id < 1) || (id > pca->size)) {
#ifdef DEBUG SCLogDebug("counter doesn't exist");
printf("counter doesn't exist\n");
#endif
return; return;
} }
@ -645,9 +637,7 @@ int PerfAddToClubbedTMTable(char *tm_name, PerfContext *pctx)
int i = 0; int i = 0;
if (tm_name == NULL || pctx == NULL) { if (tm_name == NULL || pctx == NULL) {
#ifdef DEBUG SCLogDebug("supplied argument(s) to PerfAddToClubbedTMTable NULL");
printf("Supplied argument(s) to PerfAddToClubbedTMTable NULL\n");
#endif
return 0; return 0;
} }
@ -733,30 +723,22 @@ PerfCounterArray * PerfGetCounterArrayRange(uint16_t s_id, uint16_t e_id,
uint32_t i = 0; uint32_t i = 0;
if (pctx == NULL) { if (pctx == NULL) {
#ifdef DEBUG SCLogDebug("pctx is NULL");
printf("pctx is NULL\n");
#endif
return NULL; return NULL;
} }
if (s_id < 1 || e_id < 1 || s_id > e_id) { if (s_id < 1 || e_id < 1 || s_id > e_id) {
#ifdef DEBUG SCLogDebug("error with the counter ids");
printf("error with the counter ids\n");
#endif
return NULL; return NULL;
} }
if (e_id > pctx->curr_id) { if (e_id > pctx->curr_id) {
#ifdef DEBUG SCLogDebug("end id is greater than the max id for this tv");
printf("end id is greater than the max id for this tv\n");
#endif
return NULL; return NULL;
} }
if (pctx == NULL) { if (pctx == NULL) {
#ifdef DEBUG SCLogDebug("perfcontext is NULL");
printf("perfcontext is NULL\n");
#endif
return NULL; return NULL;
} }
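Review bot: In PerfRegisterQualifiedCounter the type-range check still reports through `printf("Error: Counters of type ...")`, and with its `#ifdef DEBUG` guard removed it now writes to stdout in every build, while the NULL-argument check just above it goes through SCLogDebug. Route it through the logging API as well, e.g. `SCLogDebug("counters of type %" PRId32 " can't be registered", type);`, or an error-level macro if util-debug.h offers one. Separately, in PerfGetCounterArrayRange the second `if (pctx == NULL)` comes after `pctx->curr_id` has already been read and after an identical check at the top, so it can never fire and could be dropped. Both functions start and end outside the hunks shown.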

@ -10,6 +10,7 @@
#include "decode-gre.h" #include "decode-gre.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
/** /**
* \brief Function to decode GRE packets * \brief Function to decode GRE packets
@ -31,9 +32,8 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
if(p->greh == NULL) if(p->greh == NULL)
return; return;
#ifdef DEBUG SCLogDebug("p %p pkt %p GRE protocol %04x Len: %d GRE version %x",
printf("DecodeGRE: p %p pkt %p GRE protocol %04x Len: %d GRE version %x\n", p, pkt, GRE_GET_PROTO(p->greh), len,GRE_GET_VERSION(p->greh)); p, pkt, GRE_GET_PROTO(p->greh), len,GRE_GET_VERSION(p->greh));
#endif
switch (GRE_GET_VERSION(p->greh)) switch (GRE_GET_VERSION(p->greh))
{ {

@ -312,14 +312,15 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
p->IPV4_OPTS_CNT = 0; p->IPV4_OPTS_CNT = 0;
#ifdef DEBUG #ifdef DEBUG
printf("DecodeIPV4Options\n"); if (SCLogDebugEnabled()) {
{
uint16_t i; uint16_t i;
printf("IPV4OPTS: { "); char buf[256] = "";
int offset = 0;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
printf("%02" PRIx8 " ", pkt[i]); offset += snprintf(buf + offset, (sizeof(buf) - offset), "%02" PRIx8 " ", pkt[i]);
} }
printf("}\n"); SCLogDebug("IPV4OPTS: { %s}", buf);
} }
#endif #endif
@ -334,20 +335,12 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
/* single byte options */ /* single byte options */
if (*pkt == IPV4_OPT_EOL) { if (*pkt == IPV4_OPT_EOL) {
/** \todo What if more data exist after EOL (possible covert channel or data leakage)? */ /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */
#ifdef DEBUG SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "",
printf("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "\n", *pkt, (len - plen), (len - 1));
*pkt,
(len - plen),
(len - 1));
#endif
break; break;
} else if (*pkt == IPV4_OPT_NOP) { } else if (*pkt == IPV4_OPT_NOP) {
#ifdef DEBUG SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "",
printf("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "\n", *pkt, (len - plen), (len - 1));
*pkt,
(len - plen),
(len - 1));
#endif
pkt++; pkt++;
plen--; plen--;
@ -373,13 +366,9 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
else else
p->IPV4_OPTS[p->IPV4_OPTS_CNT].data = NULL; p->IPV4_OPTS[p->IPV4_OPTS_CNT].data = NULL;
#ifdef DEBUG SCLogDebug("IPV4OPT %" PRIu16 " len %" PRIu16 " @ %" PRIu16 "/%" PRIu16 "",
printf("IPV4OPT %" PRIu16 " len %" PRIu16 " @ %" PRIu16 "/%" PRIu16 "\n", p->IPV4_OPTS[p->IPV4_OPTS_CNT].type, p->IPV4_OPTS[p->IPV4_OPTS_CNT].len,
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type, (len - plen), (len - 1));
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len,
(len - plen),
(len - 1));
#endif
/* we already know that the total options len is valid, /* we already know that the total options len is valid,
* so here the len of the specific option must be bad. * so here the len of the specific option must be bad.
@ -486,11 +475,9 @@ static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t l
p->ip4vars.o_rtralt = &p->IPV4_OPTS[p->IPV4_OPTS_CNT]; p->ip4vars.o_rtralt = &p->IPV4_OPTS[p->IPV4_OPTS_CNT];
break; break;
default: default:
#ifdef DEBUG SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8 "",
printf("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8 "\n",
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type, p->IPV4_OPTS[p->IPV4_OPTS_CNT].type,
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len); p->IPV4_OPTS[p->IPV4_OPTS_CNT].len);
#endif
DECODER_SET_EVENT(p,IPV4_OPT_INVALID); DECODER_SET_EVENT(p,IPV4_OPT_INVALID);
/* Warn - we can keep going */ /* Warn - we can keep going */
break; break;
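Review bot: The hex-dump loop in the first DecodeIPV4Options hunk does not stop when `buf` is full. snprintf returns the length it would have written, so once `offset` passes 256 the expression `sizeof(buf) - offset` wraps to a huge size and `buf + offset` points past the array. At three characters per byte this takes a `len` of 87 or more; the callers may already cap the options length (not visible here), but the bytes come straight from the packet, so the dump should not rely on that. Bound the loop itself, e.g. `for (i = 0; i < len && (size_t)offset + 4 <= sizeof(buf); i++) {`. The block only runs in DEBUG builds with debug logging enabled, and the function body continues outside the hunk.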

@ -9,6 +9,7 @@
#include "flow.h" #include "flow.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq) void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{ {
@ -23,9 +24,8 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
if(p->ppph == NULL) if(p->ppph == NULL)
return; return;
#ifdef DEBUG SCLogDebug("p %p pkt %p PPP protocol %04x Len: %" PRId32 "",
printf("DecodePPP: p %p pkt %p PPP protocol %04x Len: %" PRId32 "\n", p, pkt, ntohs(p->ppph->protocol), len); p, pkt, ntohs(p->ppph->protocol), len);
#endif
switch (ntohs(p->ppph->protocol)) switch (ntohs(p->ppph->protocol))
{ {
@ -92,9 +92,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
break; break;
default: default:
#ifdef DEBUG SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
printf("Unknown PPP protocol: %" PRIx32 "\n",ntohs(p->ppph->protocol));
#endif
DECODER_SET_EVENT(p,PPP_WRONG_TYPE); DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
return; return;
} }

@ -15,6 +15,7 @@
#include "decode-events.h" #include "decode-events.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
/** /**
* \brief Main decoding function for PPPOE Discovery packets * \brief Main decoding function for PPPOE Discovery packets
@ -47,9 +48,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
break; break;
default: default:
#ifdef DEBUG SCLogDebug("unknown PPPOE code: %" PRIx32 "",ntohs(p->pppoedh->pppoe_code));
printf("Unknown PPPOE code: %" PRIx32 "\n",ntohs(p->pppoedh->pppoe_code));
#endif
DECODER_SET_EVENT(p,PPPOE_WRONG_CODE); DECODER_SET_EVENT(p,PPPOE_WRONG_CODE);
} }
@ -62,9 +61,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
uint16_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ; uint16_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ;
if (pppoe_length>packet_length) { if (pppoe_length>packet_length) {
#ifdef DEBUG SCLogDebug("malformed PPPOE tags");
printf("Malformed PPPOE tags\n");
#endif
DECODER_SET_EVENT(p,PPPOE_MALFORMED_TAGS); DECODER_SET_EVENT(p,PPPOE_MALFORMED_TAGS);
} }
@ -73,9 +70,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
tag_type = ntohs(pppoedt->pppoe_tag_type); tag_type = ntohs(pppoedt->pppoe_tag_type);
tag_length = ntohs(pppoedt->pppoe_tag_length); tag_length = ntohs(pppoedt->pppoe_tag_length);
#ifdef DEBUG SCLogDebug ("PPPoE Tag type %x, length %u", tag_type, tag_length);
printf ("PPPoE Tag type %x, length %u\n", tag_type, tag_length);
#endif
if (pppoe_length >= 4+tag_length) { if (pppoe_length >= 4+tag_length) {
pppoe_length -= (4 + tag_length); pppoe_length -= (4 + tag_length);
@ -110,10 +105,8 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
if (p->pppoesh == NULL) if (p->pppoesh == NULL)
return; return;
#ifdef DEBUG SCLogDebug("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "",
printf("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "\n",
p->pppoesh->pppoe_version, p->pppoesh->pppoe_type, p->pppoesh->pppoe_code, ntohs(p->pppoesh->session_id), ntohs(p->pppoesh->pppoe_length)); p->pppoesh->pppoe_version, p->pppoesh->pppoe_type, p->pppoesh->pppoe_code, ntohs(p->pppoesh->session_id), ntohs(p->pppoesh->pppoe_length));
#endif
/* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */ /* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */
@ -185,9 +178,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
break; break;
default: default:
#ifdef DEBUG SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
printf("Unknown PPP protocol: %" PRIx32 "\n",ntohs(p->ppph->protocol));
#endif
DECODER_SET_EVENT(p,PPP_WRONG_TYPE); DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
return; return;
} }
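Review bot: The default branch of the protocol switch in DecodePPPOESession logs `ntohs(p->ppph->protocol)`, yet the comment a few lines above says this path gets only a 2-byte protocol word rather than the full PPP header. Nothing in the hunks shows `p->ppph` being set in this function, so the statement may dereference a NULL or stale pointer, and at best it logs a field other than the one the switch tested. Log the expression the enclosing switch actually tests; that switch lies outside the hunk. The old printf passed the same argument under `#ifdef DEBUG`, and whether SCLogDebug evaluates its arguments in non-debug builds is not visible on this page.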

@ -12,6 +12,7 @@
#include "util-byte.h" #include "util-byte.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
/** /**
* \brief Regex for parsing our options * \brief Regex for parsing our options
@ -159,11 +160,10 @@ int DetectBytejumpMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
#ifdef DEBUG #ifdef DEBUG
{ if (SCLogDebugEnabled()) {
uint8_t *sptr = (data->flags & DETECT_BYTEJUMP_BEGIN) ? p->payload uint8_t *sptr = (data->flags & DETECT_BYTEJUMP_BEGIN) ? p->payload
: ptr; : ptr;
printf("DetectBytejumpMatch: Jumping %" PRId64 " bytes " SCLogDebug("jumping %" PRId64 " bytes from %p (%08x) to %p (%08x)",
"from %p (%08x) to %p (%08x)\n",
val, sptr, (int)(sptr - p->payload), val, sptr, (int)(sptr - p->payload),
jumpptr, (int)(jumpptr - p->payload)); jumpptr, (int)(jumpptr - p->payload));
} }

@ -12,6 +12,8 @@
#include "util-byte.h" #include "util-byte.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
/** /**
* \brief Regex for parsing our options * \brief Regex for parsing our options
@ -120,11 +122,9 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
"bytes of string data: %d\n", data->nbytes, extbytes); "bytes of string data: %d\n", data->nbytes, extbytes);
return -1; return -1;
} }
#ifdef DEBUG
printf("DetectBytetestMatch: Comparing base %d " SCLogDebug("comparing base %d string 0x%" PRIx64 " %s%c 0x%" PRIx64 "",
"string 0x%" PRIx64 " %s%c 0x%" PRIx64 "\n",
data->base, val, (neg ? "!" : ""), data->op, data->value); data->base, val, (neg ? "!" : ""), data->op, data->value);
#endif /* DEBUG */
} }
else { else {
int endianness = (data->flags & DETECT_BYTETEST_LITTLE) ? BYTE_LITTLE_ENDIAN : BYTE_BIG_ENDIAN; int endianness = (data->flags & DETECT_BYTETEST_LITTLE) ? BYTE_LITTLE_ENDIAN : BYTE_BIG_ENDIAN;
@ -135,11 +135,8 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
return -1; return -1;
} }
#ifdef DEBUG SCLogDebug("comparing numeric 0x%" PRIx64 " %s%c 0x%" PRIx64 "",
printf("DetectBytetestMatch: Comparing numeric 0x%" PRIx64
" %s%c 0x%" PRIx64 "\n",
val, (neg ? "!" : ""), data->op, data->value); val, (neg ? "!" : ""), data->op, data->value);
#endif /* DEBUG */
} }
@ -178,15 +175,11 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
/* A successful match depends on negation */ /* A successful match depends on negation */
if ((!neg && match) || (neg && !match)) { if ((!neg && match) || (neg && !match)) {
#ifdef DEBUG SCLogDebug("MATCH");
printf("DetectBytetestMatch: MATCH\n");
#endif /* DEBUG */
return 1; return 1;
} }
#ifdef DEBUG SCLogDebug("NO MATCH");
printf("DetectBytetestMatch: NO MATCH\n");
#endif /* DEBUG */
return 0; return 0;
} }

@ -22,6 +22,8 @@
#include "detect-engine-address-ipv6.h" #include "detect-engine-address-ipv6.h"
#include "detect-engine-port.h" #include "detect-engine-port.h"
#include "util-debug.h"
//#define DEBUG //#define DEBUG
int DetectAddressSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr); int DetectAddressSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
@ -594,9 +596,7 @@ int DetectAddressGroupSetup(DetectAddressGroupsHead *gh, char *s) {
DetectAddressData *ad = NULL; DetectAddressData *ad = NULL;
int r = 0; int r = 0;
#ifdef DEBUG SCLogDebug("gh %p, s %s", gh, s);
printf("DetectAddressGroupSetup: gh %p, s %s\n", gh, s);
#endif
/* parse the address */ /* parse the address */
ad = DetectAddressParse(s); ad = DetectAddressParse(s);
@ -740,9 +740,7 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* check if the negated list covers the entire ip space. If so /* check if the negated list covers the entire ip space. If so
the user screwed up the rules/vars. */ the user screwed up the rules/vars. */
if (DetectAddressGroupIsCompleteIPSpace(ghn) == 1) { if (DetectAddressGroupIsCompleteIPSpace(ghn) == 1) {
#ifdef DEBUG
printf("DetectAddressGroupMergeNot: complete IP space negated\n"); printf("DetectAddressGroupMergeNot: complete IP space negated\n");
#endif
goto error; goto error;
} }
@ -794,13 +792,13 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* step 2: pull the address blocks that match our 'not' blocks */ /* step 2: pull the address blocks that match our 'not' blocks */
for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) { for (ag = ghn->ipv4_head; ag != NULL; ag = ag->next) {
#ifdef DEBUG SCLogDebug("ag %p", ag);
printf("DetectAddressGroupMergeNot: ag %p ", ag); DetectAddressDataPrint(ag->ad); printf("\n"); DetectAddressDataPrint(ag->ad);
#endif
for (ag2 = gh->ipv4_head; ag2 != NULL; ) { for (ag2 = gh->ipv4_head; ag2 != NULL; ) {
#ifdef DEBUG SCLogDebug("ag2 %p", ag2);
printf("DetectAddressGroupMergeNot: ag2 %p ", ag2); DetectAddressDataPrint(ag2->ad); printf("\n"); DetectAddressDataPrint(ag2->ad);
#endif
r = DetectAddressCmp(ag->ad,ag2->ad); r = DetectAddressCmp(ag->ad,ag2->ad);
if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */ if (r == ADDRESS_EQ || r == ADDRESS_EB) { /* XXX more ??? */
if (ag2->prev == NULL) { if (ag2->prev == NULL) {
@ -849,9 +847,7 @@ int DetectAddressGroupMergeNot(DetectAddressGroupsHead *gh, DetectAddressGroupsH
/* if the result is that we have no addresses we return error */ /* if the result is that we have no addresses we return error */
if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) { if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
#ifdef DEBUG printf("no addresses left after merging addresses and not-addresses\n");
printf("DetectAddressGroupMergeNot: no addresses left after merge\n");
#endif
goto error; goto error;
} }
@ -864,9 +860,7 @@ error:
int DetectAddressGroupParse(DetectAddressGroupsHead *gh, char *str) { int DetectAddressGroupParse(DetectAddressGroupsHead *gh, char *str) {
int r; int r;
#ifdef DEBUG SCLogDebug("gh %p, str %s", gh, str);
printf("DetectAddressGroupParse: gh %p, str %s\n", gh, str);
#endif
DetectAddressGroupsHead *ghn = DetectAddressGroupsHeadInit(); DetectAddressGroupsHead *ghn = DetectAddressGroupsHeadInit();
if (ghn == NULL) { if (ghn == NULL) {
@ -1261,24 +1255,24 @@ void DetectAddressDataPrint(DetectAddressData *ad) {
printf("ANY"); printf("ANY");
} else if (ad->family == AF_INET) { } else if (ad->family == AF_INET) {
struct in_addr in; struct in_addr in;
char s[16]; char ip[16], mask[16];
memcpy(&in, &ad->ip[0], sizeof(in)); memcpy(&in, &ad->ip[0], sizeof(in));
inet_ntop(AF_INET, &in, s, sizeof(s)); inet_ntop(AF_INET, &in, ip, sizeof(ip));
printf("%s/", s);
memcpy(&in, &ad->ip2[0], sizeof(in)); memcpy(&in, &ad->ip2[0], sizeof(in));
inet_ntop(AF_INET, &in, s, sizeof(s)); inet_ntop(AF_INET, &in, mask, sizeof(mask));
printf("%s", s);
SCLogDebug("%s/%s", ip, mask);
} else if (ad->family == AF_INET6) { } else if (ad->family == AF_INET6) {
struct in6_addr in6; struct in6_addr in6;
char s[66]; char ip[66], mask[66];
memcpy(&in6, &ad->ip, sizeof(in6)); memcpy(&in6, &ad->ip, sizeof(in6));
inet_ntop(AF_INET6, &in6, s, sizeof(s)); inet_ntop(AF_INET6, &in6, ip, sizeof(ip));
printf("%s/", s);
memcpy(&in6, &ad->ip2, sizeof(in6)); memcpy(&in6, &ad->ip2, sizeof(in6));
inet_ntop(AF_INET6, &in6, s, sizeof(s)); inet_ntop(AF_INET6, &in6, mask, sizeof(mask));
printf("%s", s);
SCLogDebug("%s/%s", ip, mask);
} }
} }
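Review bot: DetectAddressGroupMergeNot now calls `DetectAddressDataPrint(ag->ad)` and `DetectAddressDataPrint(ag2->ad)` on every iteration of its nested loops with no guard, where the old code had them under `#ifdef DEBUG`. The helper does two memcpy/inet_ntop conversions before it reaches SCLogDebug and still uses a bare `printf("ANY")` for the any-address case, so non-debug runs pay for the formatting and can emit stray output on stdout. Guard the calls with `if (SCLogDebugEnabled()) { DetectAddressDataPrint(ag->ad); }`, and switch the ANY branch to `SCLogDebug("ANY");`. The two remaining printf calls in this function ("complete IP space negated" and "no addresses left ...") also became unconditional; if they are meant as user-facing errors they belong in the logging API too.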

@ -20,6 +20,8 @@
#include "detect-engine-siggroup.h" #include "detect-engine-siggroup.h"
#include "detect-engine-port.h" #include "detect-engine-port.h"
#include "util-debug.h"
//#define DEBUG //#define DEBUG
int DetectPortSetupTmp (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr); int DetectPortSetupTmp (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
@ -185,23 +187,24 @@ int DetectPortInsertCopy(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort
return DetectPortInsert(de_ctx, head, copy); return DetectPortInsert(de_ctx, head, copy);
} }
//#define DBG /** \brief function for inserting a port group object. This also makes sure
/* function for inserting a port group oject. This also makes sure * SigGroupContainer lists are handled correctly.
* SigGroupContainer lists are handled correctly.
* *
* returncodes * \retval -1 error
* -1: error * \retval 0 not inserted, memory of new is freed
* 0: not inserted, memory of new is freed * \retval 1 inserted
* 1: inserted
* */ * */
int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new) { int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new) {
if (new == NULL) if (new == NULL)
return 0; return 0;
#ifdef DBG #ifdef DEBUG
printf("DetectPortInsert: head %p, new %p\n", head, new); SCLogDebug("head %p, new %p", head, new);
printf("DetectPortInsert: inserting (sig %" PRIu32 ") ", new->sh ? new->sh->sig_cnt : 0); DetectPortPrint(new); printf("\n"); SCLogDebug("inserting (sig %" PRIu32 ")", new->sh ? new->sh->sig_cnt : 0);
DetectPortPrintList(*head); if (SCLogDebugEnabled()) {
DetectPortPrint(new);
DetectPortPrintList(*head);
}
#endif #endif
/* see if it already exists or overlaps with existing ag's */ /* see if it already exists or overlaps with existing ag's */
@ -210,21 +213,18 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
int r = 0; int r = 0;
for (cur = *head; cur != NULL; cur = cur->next) { for (cur = *head; cur != NULL; cur = cur->next) {
// printf("DetectPortInsert: cur %p ",cur); DetectPortPrint(cur); printf("\n");
// DetectPortPrintList(cur);
// printf("DetectPortInsert: cur end ========\n");
r = DetectPortCmp(new,cur); r = DetectPortCmp(new,cur);
if (r == PORT_ER) { if (r == PORT_ER) {
printf("PORT_ER DetectPortCmp compared:\n"); SCLogDebug("PORT_ER DetectPortCmp compared:");
DetectPortPrint(new); printf(" vs. "); if (SCLogDebugEnabled()) {
DetectPortPrint(cur); printf("\n"); DetectPortPrint(new);
DetectPortPrint(cur);
}
goto error; goto error;
} }
/* if so, handle that */ /* if so, handle that */
if (r == PORT_EQ) { if (r == PORT_EQ) {
#ifdef DBG SCLogDebug("PORT_EQ %p %p", cur, new);
printf("DetectPortInsert: PORT_EQ %p %p\n", cur, new);
#endif
/* exact overlap/match */ /* exact overlap/match */
if (cur != new) { if (cur != new) {
SigGroupHeadCopySigs(de_ctx,new->sh,&cur->sh); SigGroupHeadCopySigs(de_ctx,new->sh,&cur->sh);
@ -234,34 +234,21 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
} }
return 1; return 1;
} else if (r == PORT_GT) { } else if (r == PORT_GT) {
#ifdef DBG SCLogDebug("PORT_GT (cur->next %p)", cur->next);
printf("DetectPortInsert: PORT_GT (cur->next %p)\n", cur->next);
#endif
/* only add it now if we are bigger than the last /* only add it now if we are bigger than the last
* group. Otherwise we'll handle it later. */ * group. Otherwise we'll handle it later. */
if (cur->next == NULL) { if (cur->next == NULL) {
#ifdef DBG SCLogDebug("adding GT");
printf("DetectPortInsert: adding GT\n");
#endif
/* put in the list */ /* put in the list */
new->prev = cur; new->prev = cur;
cur->next = new; cur->next = new;
/*
printf("DetectPortInsert: cur %p ",cur); DetectPortPrint(cur); printf("\n");
DetectPortPrintList(cur);
printf("DetectPortInsert: cur end ========\n");
printf("DetectPortInsert: new %p ",new); DetectPortPrint(new); printf("\n");
DetectPortPrintList(new);
printf("DetectPortInsert: new end ========\n");
*/
return 1; return 1;
} else { } else {
//printf("cur->next "); DetectPortPrint(cur->next); printf("\n"); //printf("cur->next "); DetectPortPrint(cur->next); printf("\n");
} }
} else if (r == PORT_LT) { } else if (r == PORT_LT) {
#ifdef DBG SCLogDebug("PORT_LT");
printf("DetectPortInsert: PORT_LT\n");
#endif
/* see if we need to insert the ag anywhere */ /* see if we need to insert the ag anywhere */
/* put in the list */ /* put in the list */
if (cur->prev != NULL) if (cur->prev != NULL)
@ -280,9 +267,7 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
* lets handle the more complex ones now */ * lets handle the more complex ones now */
} else if (r == PORT_ES) { } else if (r == PORT_ES) {
#ifdef DBG SCLogDebug("PORT_ES");
printf("DetectPortInsert: PORT_ES\n");
#endif
DetectPort *c = NULL; DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c); r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1) if (r == -1)
@ -290,16 +275,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new); DetectPortInsert(de_ctx, head, new);
if (c != NULL) { if (c != NULL) {
#ifdef DBG SCLogDebug("inserting C (%p)",c);
printf("DetectPortInsert: inserting C (%p) ",c); DetectPortPrint(c); printf("\n"); if (SCLogDebugEnabled()) {
#endif DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c); DetectPortInsert(de_ctx, head, c);
} }
return 1; return 1;
} else if (r == PORT_EB) { } else if (r == PORT_EB) {
#ifdef DBG SCLogDebug("PORT_EB");
printf("DetectPortInsert: PORT_EB\n");
#endif
DetectPort *c = NULL; DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c); r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1) if (r == -1)
@ -307,16 +291,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new); DetectPortInsert(de_ctx, head, new);
if (c != NULL) { if (c != NULL) {
#ifdef DBG SCLogDebug("inserting C");
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); if (SCLogDebugEnabled()) {
#endif DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c); DetectPortInsert(de_ctx, head, c);
} }
return 1; return 1;
} else if (r == PORT_LE) { } else if (r == PORT_LE) {
#ifdef DBG SCLogDebug("PORT_LE");
printf("DetectPortInsert: PORT_LE\n");
#endif
DetectPort *c = NULL; DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c); r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1) if (r == -1)
@ -324,16 +307,15 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new); DetectPortInsert(de_ctx, head, new);
if (c != NULL) { if (c != NULL) {
#ifdef DBG SCLogDebug("inserting C");
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); if (SCLogDebugEnabled()) {
#endif DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c); DetectPortInsert(de_ctx, head, c);
} }
return 1; return 1;
} else if (r == PORT_GE) { } else if (r == PORT_GE) {
#ifdef DBG SCLogDebug("PORT_GE");
printf("DetectPortInsert: PORT_GE\n");
#endif
DetectPort *c = NULL; DetectPort *c = NULL;
r = DetectPortCut(de_ctx,cur,new,&c); r = DetectPortCut(de_ctx,cur,new,&c);
if (r == -1) if (r == -1)
@ -341,9 +323,10 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
DetectPortInsert(de_ctx, head, new); DetectPortInsert(de_ctx, head, new);
if (c != NULL) { if (c != NULL) {
#ifdef DBG SCLogDebug("inserting C");
printf("DetectPortInsert: inserting C "); DetectPortPrint(c); printf("\n"); if (SCLogDebugEnabled()) {
#endif DetectPortPrint(c);
}
DetectPortInsert(de_ctx, head, c); DetectPortInsert(de_ctx, head, c);
} }
return 1; return 1;
@ -352,9 +335,7 @@ int DetectPortInsert(DetectEngineCtx *de_ctx, DetectPort **head, DetectPort *new
/* head is NULL, so get a group and set head to it */ /* head is NULL, so get a group and set head to it */
} else { } else {
#ifdef DBG SCLogDebug("setting new head %p", new);
printf("DetectPortInsert: Setting new head\n");
#endif
*head = new; *head = new;
} }
@ -800,9 +781,9 @@ void DetectPortPrint(DetectPort *dp) {
return; return;
if (dp->flags & PORT_FLAG_ANY) { if (dp->flags & PORT_FLAG_ANY) {
printf("ANY"); SCLogDebug("ANY");
} else { } else {
printf("%" PRIu32 "-%" PRIu32, dp->port, dp->port2); SCLogDebug("%" PRIu32 "-%" PRIu32 "", dp->port, dp->port2);
} }
} }
@ -851,9 +832,7 @@ static int DetectPortParseInsertString(DetectPort **head, char *s) {
DetectPort *ad = NULL; DetectPort *ad = NULL;
int r = 0; int r = 0;
#ifdef DEBUG SCLogDebug("head %p, *head %p, s %s", head, *head, s);
printf("DetectPortParseInsertString: head %p, *head %p, s %s\n", head, *head, s);
#endif
/* parse the address */ /* parse the address */
ad = PortParse(s); ad = PortParse(s);
@ -912,9 +891,7 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
size_t size = strlen(s); size_t size = strlen(s);
char address[1024] = ""; char address[1024] = "";
#ifdef DEBUG SCLogDebug("head %p, *head %p", head, *head);
printf("DetectPortParseDo: head %p, *head %p\n", head, *head);
#endif
for (i = 0, x = 0; i < size && x < sizeof(address); i++) { for (i = 0, x = 0; i < size && x < sizeof(address); i++) {
address[x] = s[i]; address[x] = s[i];
@ -922,10 +899,10 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
if (s[i] == ':') { if (s[i] == ':') {
range = 1; range = 1;
} else if (range == 1 && s[i] == '!') { }
#ifdef DEBUG
if (range == 1 && s[i] == '!') {
printf("Can't have a negated value in a range.\n"); printf("Can't have a negated value in a range.\n");
#endif
return -1; return -1;
} else if (!o_set && s[i] == '!') { } else if (!o_set && s[i] == '!') {
n_set = 1; n_set = 1;
@ -937,21 +914,23 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
} }
depth++; depth++;
} else if (s[i] == ']') { } else if (s[i] == ']') {
range = 0;
if (depth == 1) { if (depth == 1) {
address[x-1] = '\0'; address[x-1] = '\0';
SCLogDebug("%s", address);
x = 0; x = 0;
DetectPortParseDo(head,nhead,address,negate ? negate : n_set); DetectPortParseDo(head,nhead,address,negate ? negate : n_set);
n_set = 0; n_set = 0;
} }
depth--; depth--;
} else if (depth == 0 && s[i] == ',') {
range = 0; range = 0;
} else if (depth == 0 && s[i] == ',') {
if (o_set == 1) { if (o_set == 1) {
o_set = 0; o_set = 0;
} else { } else {
address[x-1] = '\0'; address[x-1] = '\0';
SCLogDebug("%s", address);
if (negate == 0 && n_set == 0) { if (negate == 0 && n_set == 0) {
DetectPortParseInsertString(head,address); DetectPortParseInsertString(head,address);
} else { } else {
@ -960,9 +939,12 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
n_set = 0; n_set = 0;
} }
x = 0; x = 0;
range = 0;
} else if (depth == 0 && i == size-1) { } else if (depth == 0 && i == size-1) {
range = 0; range = 0;
address[x] = '\0'; address[x] = '\0';
SCLogDebug("%s", address);
x = 0; x = 0;
if (negate == 0 && n_set == 0) { if (negate == 0 && n_set == 0) {
@ -1032,9 +1014,7 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
* we have a pure not thingy. In that case we add a 0:65535 * we have a pure not thingy. In that case we add a 0:65535
* first. */ * first. */
if (*head == NULL && *nhead != NULL) { if (*head == NULL && *nhead != NULL) {
#ifdef DEBUG SCLogDebug("inserting 0:65535 into head");
printf("DetectPortParseMergeNotPorts: inserting 0:65535 into head\n");
#endif
r = DetectPortParseInsertString(head,"0:65535"); r = DetectPortParseInsertString(head,"0:65535");
if (r < 0) { if (r < 0) {
goto error; goto error;
@ -1057,13 +1037,13 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
/* step 2: pull the address blocks that match our 'not' blocks */ /* step 2: pull the address blocks that match our 'not' blocks */
for (ag = *nhead; ag != NULL; ag = ag->next) { for (ag = *nhead; ag != NULL; ag = ag->next) {
#ifdef DEBUG SCLogDebug("ag %p", ag);
printf("DetectPortParseMergeNotPorts: ag %p ", ag); DetectPortPrint(ag); printf("\n"); DetectPortPrint(ag);
#endif
for (ag2 = *head; ag2 != NULL; ) { for (ag2 = *head; ag2 != NULL; ) {
#ifdef DEBUG SCLogDebug("ag2 %p", ag2);
printf("DetectPortParseMergeNotPorts: ag2 %p ", ag2); DetectPortPrint(ag2); printf("\n"); DetectPortPrint(ag2);
#endif
r = DetectPortCmp(ag,ag2); r = DetectPortCmp(ag,ag2);
if (r == PORT_EQ || r == PORT_EB) { /* XXX more ??? */ if (r == PORT_EQ || r == PORT_EB) { /* XXX more ??? */
if (ag2->prev == NULL) { if (ag2->prev == NULL) {
@ -1086,15 +1066,12 @@ int DetectPortParseMergeNotPorts(DetectPort **head, DetectPort **nhead) {
} }
for (ag2 = *head; ag2 != NULL; ag2 = ag2->next) { for (ag2 = *head; ag2 != NULL; ag2 = ag2->next) {
#ifdef DEBUG SCLogDebug("ag2 %p", ag2);
printf("DetectPortParseMergeNotPorts: ag2 %p ", ag2); DetectPortPrint(ag2); printf("\n"); DetectPortPrint(ag2);
#endif
} }
if (*head == NULL) { if (*head == NULL) {
#ifdef DEBUG
printf("DetectPortParseMergeNotPorts: no ports left after merge\n"); printf("DetectPortParseMergeNotPorts: no ports left after merge\n");
#endif
goto error; goto error;
} }
@ -1106,9 +1083,7 @@ error:
int DetectPortParse(DetectPort **head, char *str) { int DetectPortParse(DetectPort **head, char *str) {
int r; int r;
#ifdef DEBUG SCLogDebug("str %s", str);
printf("DetectPortParse: str %s\n", str);
#endif
/* negate port list */ /* negate port list */
DetectPort *nhead = NULL; DetectPort *nhead = NULL;
@ -1118,9 +1093,7 @@ int DetectPortParse(DetectPort **head, char *str) {
goto error; goto error;
} }
#ifdef DEBUG SCLogDebug("head %p %p, nhead %p", head, *head, nhead);
printf("DetectPortParse: head %p %p, nhead %p\n", head, *head, nhead);
#endif
/* merge the 'not' address groups */ /* merge the 'not' address groups */
if (DetectPortParseMergeNotPorts(head,&nhead) < 0) { if (DetectPortParseMergeNotPorts(head,&nhead) < 0) {
@ -1446,6 +1419,26 @@ end:
return result; return result;
} }
int PortTestParse09 (void) {
DetectPort *dd = NULL;
int result = 0;
int r = DetectPortParse(&dd,"1024:");
if (r != 0)
goto end;
if (dd == NULL)
goto end;
if (dd->port != 1024 || dd->port2 != 0xffff)
goto end;
DetectPortCleanupList(dd);
result = 1;
end:
return result;
}
void DetectPortTests(void) { void DetectPortTests(void) {
UtRegisterTest("PortTestParse01", PortTestParse01, 1); UtRegisterTest("PortTestParse01", PortTestParse01, 1);
@ -1456,5 +1449,6 @@ void DetectPortTests(void) {
UtRegisterTest("PortTestParse06", PortTestParse06, 1); UtRegisterTest("PortTestParse06", PortTestParse06, 1);
UtRegisterTest("PortTestParse07", PortTestParse07, 1); UtRegisterTest("PortTestParse07", PortTestParse07, 1);
UtRegisterTest("PortTestParse08", PortTestParse08, 1); UtRegisterTest("PortTestParse08", PortTestParse08, 1);
UtRegisterTest("PortTestParse09", PortTestParse09, 1);
} }

@ -14,6 +14,7 @@
#include "detect-pcre.h" #include "detect-pcre.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
#define DETECT_FLOWVAR_NOT_USED 1 #define DETECT_FLOWVAR_NOT_USED 1
#define DETECT_FLOWVAR_TYPE_READ 2 #define DETECT_FLOWVAR_TYPE_READ 2
@ -783,7 +784,7 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
int i = 0; int i = 0;
printf("Ordering Signatures in memory\n"); SCLogInfo("ordering signatures in memory");
sig = de_ctx->sig_list; sig = de_ctx->sig_list;
while (sig != NULL) { while (sig != NULL) {
@ -824,10 +825,8 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
} }
#ifndef UNITTESTS #ifndef UNITTESTS
printf("SCSigOrderSignatures: Total Signatures reordered by the sigordering" SCLogInfo("total signatures reordered by the sigordering module: %d", i);
"module: %d\n", i);
#endif #endif
return; return;
} }
@ -844,7 +843,7 @@ void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
*/ */
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx) void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
{ {
printf("Registering Signature Ordering functions\n"); SCLogDebug("registering signature ordering functions");
SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByAction); SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByAction);
SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByFlowbits); SCSigRegisterSignatureOrderingFunc(de_ctx, SCSigOrderByFlowbits);

@ -11,6 +11,7 @@
#include "detect-flowvar.h" #include "detect-flowvar.h"
#include "util-binsearch.h" #include "util-binsearch.h"
#include "util-var-name.h" #include "util-var-name.h"
#include "util-debug.h"
#define PARSE_REGEX "(.*),(.*)" #define PARSE_REGEX "(.*),(.*)"
static pcre *parse_regex; static pcre *parse_regex;
@ -157,9 +158,6 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (binpos == 2) { if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF; uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF;
#ifdef DEBUG
printf("Binstr %" PRIX32 "\n", c);
#endif
binpos = 0; binpos = 0;
str[x] = c; str[x] = c;
x++; x++;
@ -175,11 +173,13 @@ int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
} }
} }
#ifdef DEBUG #ifdef DEBUG
for (i = 0; i < x; i++) { if (SCLogDebugEnabled()) {
if (isprint(str[i])) printf("%c", str[i]); for (i = 0; i < x; i++) {
else printf("\\x%02u", str[i]); if (isprint(str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]);
}
printf("\n");
} }
printf("\n");
#endif #endif
if (converted) if (converted)
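Review bot: The debug dump loop in DetectFlowvarSetup that is now wrapped in `if (SCLogDebugEnabled())` passes `str[i]` straight to `isprint()`. The hex decoding above can store any byte value (`& 0xFF`), so if `str` is a plain `char` buffer (its declaration is outside the hunk), a byte of 0x80 or above becomes a negative argument, which is undefined behaviour; `isprint((unsigned char)str[i])` avoids that. The escape `"\\x%02u"` prints a decimal number after a `\x` prefix, so the dumped rule content is misleading; `"\\x%02X"` with the same cast matches the prefix. The loop also still writes with `printf` to stdout, so this output bypasses whatever destination the logging API is configured for. The identical loop in DetectPktvarSetup has the same three issues.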

@ -571,6 +571,26 @@ end:
return result; return result;
} }
int SigParseTest03 (void) {
int result = 1;
Signature *sig = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
sig = SigInit(de_ctx, "alert tcp 1.2.3.4 1024: -> !1.2.3.4 1024: (msg:\"SigParseTest03\"; sid:1;)");
if (sig == NULL) {
result = 0;
goto end;
}
SigFree(sig);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
/** /**
* \test check that we don't allow invalid negation options * \test check that we don't allow invalid negation options
*/ */
@ -745,9 +765,6 @@ static int SigParseTestNegation07 (void) {
end: end:
if (de_ctx != NULL) if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
//printf("%s\n", result?"ok":"fail");
//exit(1);
return result; return result;
} }
@ -755,6 +772,7 @@ end:
void SigParseRegisterTests(void) { void SigParseRegisterTests(void) {
UtRegisterTest("SigParseTest01", SigParseTest01, 1); UtRegisterTest("SigParseTest01", SigParseTest01, 1);
UtRegisterTest("SigParseTest02", SigParseTest02, 1); UtRegisterTest("SigParseTest02", SigParseTest02, 1);
UtRegisterTest("SigParseTest03", SigParseTest03, 1);
UtRegisterTest("SigParseTestNegation01", SigParseTestNegation01, 1); UtRegisterTest("SigParseTestNegation01", SigParseTestNegation01, 1);
UtRegisterTest("SigParseTestNegation02", SigParseTestNegation02, 1); UtRegisterTest("SigParseTestNegation02", SigParseTestNegation02, 1);
UtRegisterTest("SigParseTestNegation03", SigParseTestNegation03, 1); UtRegisterTest("SigParseTestNegation03", SigParseTestNegation03, 1);
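Review bot: SigParseTest03 starts with `int result = 1;`, so when DetectEngineCtxInit() returns NULL the `goto end` reports the test as passed without ever parsing the rule. On the SigInit() failure path, `goto end` also skips `DetectEngineCtxFree(de_ctx)`, leaking the engine context. I would start from `int result = 0;`, set `result = 1;` only after SigInit() succeeds, and move the cleanup under `end:` as `if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);`, the pattern SigParseTestNegation07 already uses. The test also has no `\test` comment saying what it covers (a negated destination address combined with an open-ended `1024:` port range).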

@ -9,6 +9,7 @@
#include "pkt-var.h" #include "pkt-var.h"
#include "detect-pktvar.h" #include "detect-pktvar.h"
#include "util-binsearch.h" #include "util-binsearch.h"
#include "util-debug.h"
#define PARSE_REGEX "(.*),(.*)" #define PARSE_REGEX "(.*),(.*)"
static pcre *parse_regex; static pcre *parse_regex;
@ -105,9 +106,7 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
varcontent = (char *)str_ptr; varcontent = (char *)str_ptr;
} }
#ifdef DEBUG SCLogDebug("varname %s, varcontent %s", varname, varcontent);
printf("DetectPktvarSetup: varname %s, varcontent %s\n", varname, varcontent);
#endif
if (varcontent[0] == '\"' && varcontent[strlen(varcontent)-1] == '\"') { if (varcontent[0] == '\"' && varcontent[strlen(varcontent)-1] == '\"') {
str = strdup(varcontent+1); str = strdup(varcontent+1);
@ -154,9 +153,6 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
if (binpos == 2) { if (binpos == 2) {
uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF; uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF;
#ifdef DEBUG
printf("Binstr %" PRIX32 "\n", c);
#endif
binpos = 0; binpos = 0;
str[x] = c; str[x] = c;
x++; x++;
@ -172,11 +168,13 @@ int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char
} }
} }
#ifdef DEBUG #ifdef DEBUG
if (SCLogDebugEnabled()) {
for (i = 0; i < x; i++) { for (i = 0; i < x; i++) {
if (isprint(str[i])) printf("%c", str[i]); if (isprint(str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]); else printf("\\x%02u", str[i]);
} }
printf("\n"); printf("\n");
}
#endif #endif
if (converted) if (converted)
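Review bot: Right after the new SCLogDebug line in DetectPktvarSetup, `varcontent[strlen(varcontent)-1]` is evaluated with no length check. PARSE_REGEX is `(.*),(.*)`, so the second group can apparently match an empty string; `strlen()` is then 0 and the index wraps to SIZE_MAX, an out-of-bounds read driven by rule text. A one-character value consisting of a single `"` also satisfies both comparisons. Taking the length once and guarding it closes both cases: `size_t vlen = strlen(varcontent);` then `if (vlen >= 2 && varcontent[0] == '\"' && varcontent[vlen-1] == '\"') {`. How `varcontent` is filled is only partly visible here, and the function body continues outside the hunk.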

@ -18,6 +18,8 @@
#include "util-print.h" #include "util-print.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h"
#define DEFAULT_LOG_FILENAME "http.log" #define DEFAULT_LOG_FILENAME "http.log"
int LogHttplog (ThreadVars *, Packet *, void *, PacketQueue *); int LogHttplog (ThreadVars *, Packet *, void *, PacketQueue *);
@ -211,6 +213,6 @@ void LogHttplogExitPrintStats(ThreadVars *tv, void *data) {
return; return;
} }
printf(" - (%s) HTTP requests %" PRIu32 ".\n", tv->name, aft->uri_cnt); SCLogInfo("(%s) HTTP requests %" PRIu32 "", tv->name, aft->uri_cnt);
} }

@ -133,7 +133,7 @@ int ReceivePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
} }
if (TmThreadsCheckFlag(tv, THV_KILL) || TmThreadsCheckFlag(tv, THV_PAUSE)) { if (TmThreadsCheckFlag(tv, THV_KILL) || TmThreadsCheckFlag(tv, THV_PAUSE)) {
printf("ReceivePcap: interrupted.\n"); SCLogInfo("pcap packet reading interrupted");
return 0; return 0;
} }
} }
@ -231,7 +231,7 @@ int ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
ptv->tv = tv; ptv->tv = tv;
printf("ReceivePcapThreadInit: using interface %s\n", (char *)initdata); SCLogInfo("using interface %s", (char *)initdata);
char errbuf[PCAP_ERRBUF_SIZE] = ""; char errbuf[PCAP_ERRBUF_SIZE] = "";
ptv->pcap_handle = pcap_open_live((char *)initdata, LIBPCAP_SNAPLEN, ptv->pcap_handle = pcap_open_live((char *)initdata, LIBPCAP_SNAPLEN,
@ -256,7 +256,7 @@ int ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
void ReceivePcapThreadExitStats(ThreadVars *tv, void *data) { void ReceivePcapThreadExitStats(ThreadVars *tv, void *data) {
PcapThreadVars *ptv = (PcapThreadVars *)data; PcapThreadVars *ptv = (PcapThreadVars *)data;
printf(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".\n", tv->name, ptv->pkts, ptv->bytes); SCLogInfo("(%s) Packets %" PRIu32 ", bytes %" PRIu64 "", tv->name, ptv->pkts, ptv->bytes);
return; return;
} }

@ -24,7 +24,6 @@
#include "util-pool.h" #include "util-pool.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-print.h" #include "util-print.h"
#include "util-debug.h"
#include "stream-tcp.h" #include "stream-tcp.h"
#include "stream-tcp-private.h" #include "stream-tcp-private.h"
@ -34,6 +33,7 @@
#include "app-layer-detect-proto.h" #include "app-layer-detect-proto.h"
#include "util-debug.h"
//#define DEBUG //#define DEBUG
#ifdef DEBUG #ifdef DEBUG
@ -1549,20 +1549,21 @@ static int StreamTcpCheckStreamContents(uint8_t *stream_policy, uint16_t sp_size
uint8_t j; uint8_t j;
#ifdef DEBUG #ifdef DEBUG
TcpSegment *temp1; if (SCLogDebugEnabled()) {
printf("check stream !!\n"); TcpSegment *temp1;
for (temp1 = stream->seg_list; temp1 != NULL; temp1 = temp1->next) for (temp1 = stream->seg_list; temp1 != NULL; temp1 = temp1->next)
PrintRawDataFp(stdout, temp1->payload, temp1->payload_len); PrintRawDataFp(stdout, temp1->payload, temp1->payload_len);
PrintRawDataFp(stdout, stream_policy, sp_size); PrintRawDataFp(stdout, stream_policy, sp_size);
}
#endif #endif
for (temp = stream->seg_list; temp != NULL; temp = temp->next) { for (temp = stream->seg_list; temp != NULL; temp = temp->next) {
j = 0; j = 0;
for (; j < temp->payload_len; j++) { for (; j < temp->payload_len; j++) {
#ifdef DEBUG SCLogDebug("i %"PRIu16", len %"PRIu32", stream %"PRIx32" and temp is %"PRIx8"",
printf("i is %" PRIu32 " and len is %" PRIu32 " stream %" PRIx32 " and temp is %" PRIx32 "\n", i, temp->payload_len, stream_policy[i], temp->payload[j]); i, temp->payload_len, stream_policy[i], temp->payload[j]);
#endif
if (stream_policy[i] == temp->payload[j]) { if (stream_policy[i] == temp->payload[j]) {
i++; i++;
continue; continue;
@ -1618,14 +1619,12 @@ static int StreamTcpCheckQueue (uint8_t *stream_contents, StreamMsgQueue *q, uin
break; break;
} }
#ifdef DEBUG SCLogDebug("gap is %" PRIu32"", msg->gap.gap_size);
printf("Gap is %" PRIu32"\n", msg->gap.gap_size);
#endif
j = 0; j = 0;
for (; j < msg->data.data_len; j++) { for (; j < msg->data.data_len; j++) {
#ifdef DEBUG SCLogDebug("i is %" PRIu32 " and len is %" PRIu32 " and temp is %" PRIx32 "", i, msg->data.data_len, msg->data.data[j]);
printf("i is %" PRIu32 " and len is %" PRIu32 " and temp is %" PRIx32 "\n", i, msg->data.data_len, msg->data.data[j]);
#endif
if (stream_contents[i] == msg->data.data[j]) { if (stream_contents[i] == msg->data.data[j]) {
i++; i++;
continue; continue;

@ -1502,7 +1502,7 @@ void StreamTcpExitPrintStats(ThreadVars *tv, void *data) {
return; return;
} }
printf(" - (%s) Packets %" PRIu64 ".\n", tv->name, stt->pkts); SCLogInfo("(%s) Packets %" PRIu64 "", tv->name, stt->pkts);
} }
/** /**

@ -397,7 +397,7 @@ SCError SCLogMessage(SCLogLevel log_level, char **msg, const char *file,
} }
temp_fmt++; temp_fmt++;
} }
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN, "%s - ", substr); cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN, "%s", substr);
if (cw < 0) if (cw < 0)
goto error; goto error;
@ -813,7 +813,7 @@ static inline void SCLogSetOPFilter(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
} }
#ifdef DEBUG #ifdef DEBUG
printf("SCLogSetOPFilter: filter %s\n", filter ? filter : "no filter"); printf("SCLogSetOPFilter: filter: %s\n", filter ? filter : "<no filter>");
#endif #endif
return; return;
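Review bot: In the SCLogMessage hunk, `cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN, "%s", substr);` is followed only by `if (cw < 0)`, which misses truncation. snprintf returns the length it would have written, so a truncated write yields `cw >= size`. If `temp` is later advanced by `cw` (that code is outside the hunk), it can end up past the end of the message buffer. The size argument is also the full SC_LOG_MAX_LOG_MSG_LEN rather than the space left after earlier writes, which is only correct if `temp` still points at the start of the buffer. I would pass the remaining space and reject truncation as well, e.g. `if (cw < 0 || (size_t)cw >= remaining) goto error;`, where `remaining` is a placeholder for the bytes left in the buffer.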

@ -168,46 +168,48 @@ extern int sc_log_module_cleaned;
#define SCLog(x, ...) do { \ #define SCLog(x, ...) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \ char _sc_log_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \ char *_sc_log_temp = _sc_log_msg; \
if ( !( \ if ( !( \
(sc_log_global_log_level >= x) && \ (sc_log_global_log_level >= x) && \
SCLogMessage(x, &temp, \ SCLogMessage(x, &_sc_log_temp, \
__FILE__, \ __FILE__, \
__LINE__, \ __LINE__, \
__FUNCTION__) \ __FUNCTION__) \
== SC_OK) ) \ == SC_OK) ) \
{ } else { \ { } else { \
snprintf(temp, \ snprintf(_sc_log_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \ (SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \ (_sc_log_msg - _sc_log_temp)), \
__VA_ARGS__); \ __VA_ARGS__); \
SCLogOutputBuffer(x, msg); \ SCLogOutputBuffer(x, _sc_log_msg); \
} \ } \
} while(0) } while(0)
#define SCLogErr(x, err, ...) do { \ #define SCLogErr(x, err, ...) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \ char _sc_log_err_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \ char *_sc_log_err_temp = _sc_log_err_msg; \
if ( !( \ if ( !( \
(sc_log_global_log_level >= x) && \ (sc_log_global_log_level >= x) && \
SCLogMessage(x, &temp, \ SCLogMessage(x, &_sc_log_err_temp,\
__FILE__, \ __FILE__, \
__LINE__, \ __LINE__, \
__FUNCTION__) \ __FUNCTION__) \
== SC_OK) ) \ == SC_OK) ) \
{ } else { \ { } else { \
temp = temp + snprintf(temp, \ _sc_log_err_temp = \
_sc_log_err_temp + \
snprintf(_sc_log_err_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \ (SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \ (_sc_log_err_msg - _sc_log_err_temp)), \
"[ERRCODE: %s(%d)] - ", \ "[ERRCODE: %s(%d)] - ", \
SCErrorToString(err), \ SCErrorToString(err), \
err); \ err); \
snprintf(temp, \ snprintf(_sc_log_err_temp, \
(SC_LOG_MAX_LOG_MSG_LEN - \ (SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \ (_sc_log_err_msg - _sc_log_err_temp)), \
__VA_ARGS__); \ __VA_ARGS__); \
SCLogOutputBuffer(x, msg); \ SCLogOutputBuffer(x, _sc_log_err_msg); \
} \ } \
} while(0) } while(0)
@ -316,18 +318,19 @@ extern int sc_log_module_cleaned;
* \retval f An argument can be supplied, although it is not used * \retval f An argument can be supplied, although it is not used
*/ */
#define SCEnter(f) do { \ #define SCEnter(f) do { \
char msg[SC_LOG_MAX_LOG_MSG_LEN]; \ char _sc_enter_msg[SC_LOG_MAX_LOG_MSG_LEN]; \
char *temp = msg; \ char *_sc_enter_temp = _sc_enter_msg; \
if (sc_log_global_log_level >= SC_LOG_DEBUG &&\ if (sc_log_global_log_level >= SC_LOG_DEBUG &&\
SCLogCheckFDFilterEntry(__FUNCTION__) && \ SCLogCheckFDFilterEntry(__FUNCTION__) && \
SCLogMessage(SC_LOG_DEBUG, &temp, \ SCLogMessage(SC_LOG_DEBUG, &_sc_enter_temp, \
__FILE__, \ __FILE__, \
__LINE__, \ __LINE__, \
__FUNCTION__) == SC_OK) { \ __FUNCTION__) == SC_OK) { \
snprintf(temp, (SC_LOG_MAX_LOG_MSG_LEN - \ snprintf(_sc_enter_temp, (SC_LOG_MAX_LOG_MSG_LEN - \
(msg - temp)), \ (_sc_enter_msg - _sc_enter_temp)), \
"%s", "Entering ... >>"); \ "%s", "Entering ... >>"); \
SCLogOutputBuffer(SC_LOG_DEBUG, msg); \ SCLogOutputBuffer(SC_LOG_DEBUG, \
_sc_enter_msg); \
} \ } \
} while(0) } while(0)
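Review bot: The renamed macros keep the reversed size expression `SC_LOG_MAX_LOG_MSG_LEN - (_sc_log_msg - _sc_log_temp)`. SCLogMessage takes the address of the temp pointer and presumably advances it past the prefix it writes, so `_sc_log_msg - _sc_log_temp` is zero or negative and the bound handed to snprintf is larger than the space actually left in the stack array. A long enough formatted message can then be written past the end of the buffer; the operands should be swapped, `(SC_LOG_MAX_LOG_MSG_LEN - (_sc_log_temp - _sc_log_msg))`. The same applies to both snprintf calls in SCLogErr and to the one in SCEnter. In SCLogErr, adding snprintf's return value to `_sc_log_err_temp` can also move the pointer past the array when the error-code prefix is truncated, so that return value should be clamped before it is added.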
